I have a program with a heap overflow. It contains some code that is not randomized (is not using ASLR). I want to do a return-oriented programming exploit. Since this is a heap overflow, the first ...

Assume I have an executable which hooks the API CreateFileW located in Kernel32.dll, which is shared globally across the system for all other processes. By hooking I mean that I have overwritten ...

I've installed Ubuntu Server 12.04 on a VM two weeks ago.
I've created regular snapshots.
XXX time ago I've noticed unusual activity and I've found that a backdoor was installed into my server.
One of ...

Is it illegal to publish an exploit against a known vulnerability in the US? The exploit could be published on one's blog or in places like Exploit-DB. It seems that in countries like Germany and France such ...

I'm trying to exploit my virtual machine (Windows XP SP3) using CVE-2013-5065. I created an exe from a Python script and ran it on my virtual machine. It successfully spawned a new shell, but cmd.exe was not with ...

Are heap spray exploits possible, if the process we're attacking is a 64-bit process?
Naively, it seems like the 64-bit address makes it difficult to mount a heap spray: to fill all (or a significant ...

I have 2 choices in sending data between 2 web applications.
I encode the data in Base64 and append to the URL and retrieve these parameters at my destination application and decode the parameters.
...

A typical strategy for defeating ASLR is to find both a buffer overflow bug and an information disclosure bug. But when attacking servers that are automatically restarted whenever they crash/die, is ...

How can I automatically search for and download exploits which match, for example, a kernel release?
Is there, for example, a public REST web service which provides data in XML or JSON format to a client ...

In a modern OS I think that:
the .text section where binary assembled CPU instructions are stored cannot be modified
the .data/.bss section is marked as no-execute so that the information there will ...

Like the title says, what happens if my ISP gives my connection (by accident/on purpose) a public IP address that someone else is currently using to browse the web or send an email or pay his bills?
...

I am looking for a way to do the Token Kidnapping's Revenge exploit by Argeniss. (The vulnerability is explained here.)
I am studying security (beginner) and I would like to imitate the attack to ...

I'm trying to quantify the exact risk I'm subjecting my PC to if leaving it with Windows XP as opposed to upgrading it to e.g. Windows 7, an upgrade that would be very time-costly in my case. I don't ...

I have searched a lot on the internet and I didn't find anything that directly answers my question. What types of vulnerabilities are out there? I mean vulnerabilities like buffer overruns, not like XSS ...

Following the weekend announcement from Microsoft regarding the vulnerability in IE I have been looking at additional security defences for our endpoints. I've read some technical documentation and ...

We have a program that is vulnerable to a one byte frame pointer overwrite. The stack is marked executable, the Linux machine has aslr disabled, stack cookies are disabled, and it's a little endian ...

Basically, I'm testing a local network, on which I'm able to use ARP spoofing. I now want to try and infect one of the Windows boxes on the network with a backdoor. I could inject an iframe into their ...

If I have got this right in my head it would be a simple enough task to combine arp spoofing on a public WiFi to redirect clients to an evil SSL server which sends malformed heartbeat requests or to ...

I have read about the recent vulnerability in OpenSSL. I tried to exploit one of my cloud servers where I run my web sites. I managed to get 64 KB of data. But what I managed to get was only HTML, CSS, ...

In recent years, I have been doing a lot of DLL injection with a few indie games and MMORPGs. I fully understand how to do it, and how it works for allowing these games to work not as ...